System and Method for Monitoring Computing Servers for Possible Unauthorized Access

1. A system, comprising: one or more VoIP servers, each configured and arranged to provide respective VoIP services to remote users; and a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to: monitor data transactions of at least one server, of the one or more VoIP servers, that is associated with a user account, the user account having a security policy; detect a flag set in at least one data packet of the data transactions of the at least one VoIP server; analyze, in response to detecting the flag, a VoIP call corresponding to the at least one data packet for characteristics of the data transactions that correspond to a call loop; determine a threat level as a function of one or more characteristics of the data transactions, including the characteristics of the data transactions that correspond to a call loop, and one or more conditions of the security policy, each of the one or more conditions being indicative of unauthorized access when satisfied by the one or more characteristics; and in response to the threat level exceeding a first threshold level indicated in the security policy of the user account, send a notification to an authorized user of the user account.

2. The system of claim 1 , wherein the processing circuit is further configured and arranged to: in response to the monitored data transactions exhibiting characteristics indicative of a system problem, send a notification to the authorized user of the user account.

3. The system of claim 2 , wherein the processing circuit is further configured and arranged to in further response to the monitored data transactions exhibiting characteristics indicative of a system problem: determine if the system problem is a server-side problem or a user-side problem; in response to determining that the system problem is a server-side problem, send a notification to the authorized user of the user account; and in response to determining that the system problem is a user-side problem, of one of the remote users corresponding to one of the monitored data transactions, send a notification to the remote user.

4. The system of claim 2 , wherein the characteristics indicative of a system problem include call jitter, dropped data packets, and network connectivity.

5. The system of claim 1 , wherein the processing circuit is configured and arranged to determine the threat level based on a number of the conditions of the security policy that are satisfied by the one or more characteristics of the data transactions.

6. The system of claim 1 , wherein the one or more conditions of the security policy indicative of unauthorized access includes a condition that is satisfied by a frequency of data transactions exceeding a threshold indicated in the security policy.

7. The system of claim 1 , wherein the one or more conditions of the security policy indicative of unauthorized access includes a condition that is satisfied by a size of a data transaction exceeding a threshold transaction size in the security policy.

8. The system of claim 1 , wherein the one or more conditions of a security policy indicative of unauthorized access includes a condition that is satisfied by exceeding a daily data transfer limit indicated in the security policy.

9. The system of claim 1 , wherein the one or more conditions of a security policy indicative of unauthorized access includes a condition that is satisfied by a frequency of data transactions surpassing a stored average for the account by a threshold indicated in the security policy.

10. The system of claim 1 , wherein the one or more conditions of a security policy indicative of unauthorized access includes a condition that is satisfied by detecting a user logged in to the at least one server from an IP address outside of an IP address range specified by the security policy.

11. The system of claim 1 , wherein the one or more conditions of a security policy indicative of unauthorized access includes a condition that is satisfied by a number of failed login attempts exceeding a limit indicated in the security policy.

12. The system of claim 1 , wherein the processing circuit is configured and arranged to determine the threat level as a function of a sensitivity level of files/folders that are accessed.

13. The system of claim 1 , wherein the processing circuit is configured and arranged to determine the threat level as a function of a direction of the data transactions, wherein the threat level as the function of the direction of the data transactions includes a higher threat level for a download of data than a threat level for an upload of data and a higher threat level for an outgoing call than a threat level for an incoming call.

14. The system of claim 1 , wherein the processing circuit is configured and arranged to determine the threat level as a function of IP location of a user initiating the data transactions.

15. The system of claim 1 , wherein the processing circuit is further configured and arranged to, respond to the threat level exceeding a second threshold level indicated in the security policy, perform one or more automated tasks to prevent further unauthorized access to the at least one server, the one or more automated tasks including disabling a remote service provided by the at least one server.

16. The system of claim 1 , wherein the processing circuit is configured and arranged to send the notification by sending one or more types of messages including: an SMS text message to a number listed in the security policy, an automated voice call to a number listed in the security policy, an email to an email address listed in the security policy, and a social network message.

17. The system of claim 1 , wherein the notification provides a mechanism to allow the authorized user to select from one or more possible actions.

18. The system of claim 1 , wherein the processing circuit is further configured and arranged to: provide an internet based graphical user interface (GUI); and modify the security policy in response to user input via the GUI.

19. A method, comprising the steps of: monitoring data transactions of a VoIP server corresponding to a user account, the user account having a security policy; detecting a flag set in at least one data packet of the data transactions of the at VoIP server; analyzing, in response to detecting the flag, a VoIP call corresponding to the at least one data packet for characteristics of the data transactions that correspond to a call loop; determining a threat level of the VoIP server as a function of one or more characteristics of the data transactions, including the characteristics of the data transactions that correspond to a call loop, and one or more conditions of the security policy that are indicative of unauthorized access; in response to the threat level exceeding a first threshold level indicated in the security policy of the user account, sending a notification to an authorized user of the user account indicating that the threat level has been exceeded; and wherein processing circuitry is communicatively coupled to the VoIP server and configured and arranged to perform the above steps.